Autoconfig

50 %
50 %
Information about Autoconfig
Technology

Published on March 9, 2014

Author: fredbovy

Source: slideshare.net

Description

IPv6 Autoconfiguration
SLAAC, DHCPv6, DHCP-PD

03/08/14 Provisioning IPv6 in a Nutshell v1.0 By Fred Bovy. IPv6 Forum Gold Trainer, Gold Security Trainer, Gold Engineer ccie #3013 © Frederic Bovy EIRL. 2014. Page 1

Table of Contents 1. Introduction............................................................................................................................................3 2. Stateless Addresses Autoconfiguration..................................................................................................4 3. DHCPv6.................................................................................................................................................5 4. Interface Start-up..................................................................................................................................10 4.1 Link-Local Address acquisition.....................................................................................................10 4.2. Router Solicitation........................................................................................................................11 4.3. RA Prefix Option Checking.........................................................................................................13 4.4. Check if DHCPv6 must be called.................................................................................................15 5. DHCP Prefix Delegation......................................................................................................................16 Annex B. Interface Startup.......................................................................................................................18 Annex C. Neighbor FSM.........................................................................................................................19 Annex D. DHCP Case Study....................................................................................................................20 Illustration Index Illustration 1: Router Advertisement from FREE Service Provider...........................................................4 Illustration 2: DHCPv6 Servers Discovery................................................................................................5 Illustration 3: DHCPv6 Reservation or Info Request................................................................................6 Illustration 4: IA for Temporary Address...................................................................................................7 Illustration 5: DHCPv6 Identity Association for Non-temporary Addresses Option.................................8 Illustration 6: IA Address Option...............................................................................................................8 Illustration 7: Address/interface State........................................................................................................9 Illustration 2: The Interface Startup Algorithm........................................................................................10 Illustration 8: Link Local Address acquisition.........................................................................................10 Illustration 9: Step 2. Router Solicitation/Advertisement. If There is a Prefix Option we go to A and Return to B...............................................................................................................................................12 Illustration 10: RA Prefix checking full Algorithm.................................................................................13 Illustration 11: Checking each prefix from the RA Prefix Option...........................................................14 Illustration 12: Check if DHCPv6 mudt be called...................................................................................15 Illustration 13: Each DHCP-PD Client receives a /48 prefix that it can subnet for all its LANs and Links.........................................................................................................................................................16 Illustration 14: DHCP-PD Lifecycle........................................................................................................17 Illustration 15: Interface Startup..............................................................................................................18 Illustration 16: IPv6 Provisioning Case Study.........................................................................................20 © Frederic Bovy EIRL. 2014. Page 2

1. Introduction IPv6 was designed to be plug and play for the user. It does not mean that no provisioning must be made on the Network Side Interface start-up follows the same algorithm on all platforms. IPv6 don't need DHCPv6 as IPv4 but it may be used as a complement to provide additional information or even IPv6 addresses as well but no default Route! In IPv6 we can have dynamic or static addresses. Static is for Servers and active network nodes like routers. Dynamic Addresses can be learned from Stateless Address Autoconfiguration, RFC4862 and, or DHCPv6, RFC 3315. When DHCPv6 is used to learn IPv6 Address it is called Stateful DHCPv6 as the server must keep a state for each lease. While the Interface is starting up it is in TENTative mode and no IPv6 traffic can take place on such interface. The dynamic Addresses are in the Preferred State until the Preferred timers expires if not refreshed by a Router Advertisement or a DHCPv6 Renew. In this mode, the addresses can be used for new and existing connections. When the Preferred Timers expired, the address goes into Deprecated mode where it can only be used by existing connection but not for new ones. If a refresh comes in, the address comes back to Preferred mode. So dynamic addresses must be periodically refreshed by periodic RA or DHCPv6 . It is also possible for DHCPv6 to allocate block of addresses or Prefix that can be subnetted later. This is DHCP Prefix Delegation or DHCP-PD. © Frederic Bovy EIRL. 2014. Page 3

2. Stateless Addresses Autoconfiguration IPv6 does not need a DHCP server to be plug and play for the workstation. Stateless Address Autoconfiguration allows a Workstation or any end node to be fully configured from the local router information. DHCPv6 can help if some information are not provided by the native IPv6 process, Stateless Address Autoconfiguration. Illustration 1: Router Advertisement from FREE Service Provider The addresses are automatically configured from a prefix provided in the Prefix Option of the Router Advertisement in the Neighbor Discovery Protocol. The Router Advertisement can be solicited by a Router Solicitation packet and are periodically multicasted to all IPv6 nodes on a Local Area Network (LAN). The dynamic address is built and must be refreshed by the periodic RA. © Frederic Bovy EIRL. 2014. Page 4

3. DHCPv6 It is possible to use DHCPv6 instead of Stateless Address Autoconfiguration or to complement it with more information. Illustration 2: DHCPv6 Servers Discovery © Frederic Bovy EIRL. 2014. Page 5

Illustration 3: DHCPv6 Reservation or Info Request © Frederic Bovy EIRL. 2014. Page 6

Illustration 4: IA for Temporary Address When the Managed bit (M-bit) in the Flag field of the Router Advertisement is set, the IPv6 End nodes knows that it must call DHCPv6 to get Address(es) and Other Information. When the M-bit is not set but the Other bit (O-bit) is set, the end node knows that it must call DHCPv6 to get information but no address. The communication between the DHCPv6 Client and Server take place in a 4 way process. First, the client sends a Solicit message. It is sent to a multicast address (FF02::1:2) received by ALL DHCPv6 SERVERS and RELAYS. If there is a DHCP Relay is configured without the Unicast of a Server and Multicast is available in the site, the DHCP Relay forward it to FF05::1:3, a multicast address which will find ALL SERVERS of the site. “An "identity­association" (IA) is a construct through which a server and  a client can identify, group, and manage a set of related IPv6 Addresses.  Each IA consists of an IAID and associated configuration information.” T1 and T2 timers comes with DHCPv6 for Non-Temporary Addresses and must be carefully set so the addresses remain in Preferred mode. © Frederic Bovy EIRL. 2014. Page 7

Illustration 5: DHCPv6 Identity Association for Non-temporary Addresses Option When T1 expires the DHCP Client must Renew its Lease. This is for the client to let its current DHCP server know that it want to keep its address. Illustration 6: IA Address Option If T2 expires, the node will try to Rebind which is to find any DHCP server that can provide an address. T1 and T2 must be set conservatively to avoid the IPv6 address to become Deprecated. T1 and T2 depends on the Valid and Preferred value. © Frederic Bovy EIRL. 2014. Page 8

I would recommend to have T1 set to one third of the Preferred timer value. Illustration 7: Address/interface State © Frederic Bovy EIRL. 2014. Page 9

4. Interface Start-up 4.1 Link-Local Address acquisition Illustration 2: The Interface Startup Algorithm Illustration 8: Link Local Address acquisition The IPv6 interface will need a Link-Local IPv6 address for any communication on each link. So the IPv6 node configured for Autoconfig which the default on most end-nodes platforms: Windows, MAC OS X or Linux. First, for each node, the host computes the 64 bits of the Interface Identifier part of the address from the MAC Address. It just split the 48 bit of the MAC address in two and adds 0xfffe in the middle. Then it checks if the address is unique with © Frederic Bovy EIRL. 2014. Page 10

DAD procedure: Then it adds the link-local prefix ffe80:: and we got an IPv6 Link-Local address. This address is not routable it is really local on the link and the address must contain the interface zone to get used. The zone can be an SNMP Index or the Interface name. Example on CISCO Routers: fe80::90f4:45ff:fe64:36cd%GigabitEthernet0/0/1 Or Windows: fe80::847f:81ff:feca:239d%15 Once the address built, it is verified for uniqueness. A NS to oneself is sent and we expect no reply for this. If we receive a reply it means that someone is using the address we were planning to use and the interface is disabled for IPv6! Otherwise after a short timeout with no reply, we assume nobody uses it and we initialise our interface for this address. The next step is for the workstation to send a request to any router on the LAN. With a Router solicitation message. 4.2. Router Solicitation The Router Solicitation message is sent to the ALL_IPv6_Routers Multicast address: ff02::2. The Solicited Router Advertisement message is sent ack from local server or in most case it will be relayed by a DHCP Relay. When it got a reply, it parses the fields which are meaningful for the workstation like the MTU or the Router IPv6 and MAC Addresses. Then it examines the Router Advertisement if there is a Prefix Option. If yes it will examine each prefix to check if it must build an address from the prefix. Flags and Timers with each prefix will tell the router if it must derive an address or not from the prefix. If no router replies we just try DHCPv6 and exit. See Illustration 2 for more details (Router Advertisement from FREE Service Provider). © Frederic Bovy EIRL. 2014. Page 11

Illustration 9: Step 2. Router Solicitation/Advertisement. If There is a Prefix Option we go to A and Return to B. © Frederic Bovy EIRL. 2014. Page 12

Illustration 10: RA Prefix checking full Algorithm 4.3. RA Prefix Option Checking Each prefix present is checked in the Router Advertisement fields. To get used and derive an address from each prefix the Autonomous bit and the On-Link bit MUST be set, the Valid timer MUST be > 0 © Frederic Bovy EIRL. 2014. Page 13

Illustration 11: Checking each prefix from the RA Prefix Option and the Valid MUST T >= Preferred timer. It builds an address from each prefix and check if the address is unique with a DAD procedure. A Neigbor Solicitation sent to oneself and then wait a little time to check if somebody else replies. If no, he address is unique and we can initialize it. Otherwise, the address will not be used. Apr Apr Apr Apr Apr Apr 18 18 18 18 18 18 09:57:31: 09:57:31: 09:57:31: 09:57:32: 09:57:32: 09:57:32: ICMPv6-ND: L3 came up on GigabitEthernet0/2 IPv6-Addrmgr-ND: DAD request for 2000:1::1 on GigabitEthernet0/2 ICMPv6-ND: Sending NS for 2000:1::1 on GigabitEthernet0/2 IPv6-Addrmgr-ND: DAD: 2000:1::1 is unique. ICMPv6-ND: Sending NA for 2000:1::1 on GigabitEthernet0/2 IPv6-Address: Address 2000:1::1/64 is up on GigabitEthernet0/2 © Frederic Bovy EIRL. 2014. Page 14

4.4. Check if DHCPv6 must be called Illustration 12: Check if DHCPv6 mudt be called Last, we check the Flag field from the Router Advertisement message if we need to call DHCPv6 to get Address(es) and Other information with the Managed Configuration file. This is Statefull DHCP. If the Managed Configuration file is not set but the Other config flag is set, this is Stateless DHCP configuration. DHCP is used for all information but Address. So we could get addresses from the Prefix Option or the Router Advertisements and get many information from DHCPv6. This is stateless because as we do not reserve a ressource, we do not need to keep a state with the DHCP advertisement. In other way we could combine addresses learned by Router Advertisements with Addresses learned with DHCPv6. A few important remarks, thhttp://tools.ietf.org/html/rfc4862e DNS Server addresses can be learned from the Router Advertisement and the default Route cannot be learned from DHCPv6! © Frederic Bovy EIRL. 2014. Page 15

5. DHCP Prefix Delegation Illustration 13: Each DHCP-PD Client receives a /48 prefix that it can subnet for all its LANs and Links. DHCPv6 can also be used to allocate prefixes. © Frederic Bovy EIRL. 2014. Page 16

A block of addresses is provided to the Delegating Router which allocates a prefix to each client which places a request. The allocated block follow the same rules than a single address and must be refreshed before T2 expires if you don't want all your derived addresses to be deprecated. Illustration 14: DHCP-PD Lifecycle © Frederic Bovy EIRL. 2014. Page 17

Annex B. Interface Startup Illustration 15: Interface Startup © Frederic Bovy EIRL. 2014. Page 18

Annex C. Neighbor FSM Drawing 1: Neighbor Cache FSM simplified © Frederic Bovy EIRL. 2014. Page 19

Annex D. DHCP Case Study Illustration 16: IPv6 Provisioning Case Study The Local Router gets its prefix from one subinterface of the trunk. It uses the prefix to configure the LAN interface(s). It gets its default parameter, addresses and default Gateway from the Stateless Address Autoconfig process. It gets additional information from DHCPv6 Server as the right bit is set (M-bit or O-bit) in the Flag field of the Router Advertisement. © Frederic Bovy EIRL. 2014. Page 20

Add a comment

Related presentations

Related pages

CodeTwo Outlook AutoConfig Download | Freeware.de

CodeTwo Outlook AutoConfig 2.1.2 Download auf Freeware.de. Automatische Postfach-Einrichtung für Microsoft-Mailprogramme. Jetzt kostenlos downloaden!
Read more

Autoconfig - Wikipedia, the free encyclopedia

Autoconfig is an auto-configuration protocol of Amiga computers which is intended to automatically assign resources to expansion devices without the need ...
Read more

Speedport automatische Einrichtung nutzen | Telekom Hilfe

Sie nutzen einen Speedport? Wir erklären Ihnen, wie Sie damit die automatische Einrichtung für den Internetzugang und die Telefonie nutzen.
Read more

POP3 und SMTP automatisch konfigurieren | CodeTwo Outlook ...

CodeTwo Outlook AutoConfig erstellt autom. Ihr E-Mail-Account, nachdem Sie Ihre E-Mail-Adresse eingegeben haben.
Read more

Firefox Autoconfig - MIT

The SIPB Firefox Locker - Maintainers. Home Maintainers Support. ... For autoconfig to work, autoconfig support must be enabled during the build process.
Read more

E-Mail Autoconfig & AutoDiscover – Matthias P. Würfl

Wenn man E-Mail-Dienste bereitstellt, dann sollte man es den Nutzern einfach machen die E-Mail-Programme korrekt zu konfigurieren. Und das funktioniert so:
Read more

AutoConfig - Home

AutoConfig removes the drudgery of creating repetitive configuration reader classes and mapping properties to values. Your config class with auto ...
Read more

WLAN AutoConfig Service - technet.microsoft.com

WLAN AutoConfig is a service that configures wireless security and connectivity settings. WLAN AutoConfig configures Institute of Electrical and ...
Read more

Autoconfig - kernel-error.de

Mozilla Thunderbird Autoconfig Benutzer sind, wie der Name schon treffend beschreibt, Menschen welche etwas benutzen. Dieses bedeutet nicht dass sie es ...
Read more

Windows 7 WLAN AutoConfig - ComputerBase Forum

Wie ich gerade in der Ereignisanzeige von Windows7 Ultimate 32Bit Gesehen habe Versucht sich Windows 7 immer mit der WLAN AutoConfig sich für ein WLAN ...
Read more